On Fri, Feb 14, 2014 at 3:32 PM, Bruce Momjian <br...@momjian.us> wrote:
> On Thu, Feb 13, 2014 at 11:28:45PM -0600, Jerry Sievers wrote:
> > > One issue with this is that pg_hba.conf is order sensitive, which could
> > > become a trap for the unwary if includes are used carelessly.
> >
> > Indeed.
> >
> > The other thing that comes to mind, is that as opposed to
> > postgresql.conf and the include scenario there... one can do show all or
> > query from pg_stat_activity just to see what setting they ended up
> > with.
> >
> > I'm not aware of any way to probe what hba rules are loaded at runtime
> > and thus, debugging hba config changes not really possible.
>
> In an ideal world we would have a tool where you could plug in a
> username, database, IP address, and test pg_hba.conf file and it would
> report what line is matched.

I almost wrote a function you could call to do that a while back. I never finished it though :) It's not all that hard to do, but requires some minor refactoring of how the HBA code works.

What would also be useful would be to be able to use such a function/tool against a different file than the current HBA one, to verify *before* you reload...

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
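A sketch of the kind of checker discussed in this thread, added here as an illustration; it is not code from any poster or from PostgreSQL. It takes the file text as an argument, so it can be pointed at a candidate file before a reload. Assumptions: only `local` and `host` records, CIDR addresses, and the `all` and `sameuser` keywords are handled; the names `parse_hba`, `first_match` and `SAMPLE_HBA` are hypothetical.

```python
import ipaddress

# Constructed sample: the broad reject on line 2 shadows the appdb rule on line 3.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS         METHOD
host    all       all   10.0.0.0/8      reject
host    appdb     app   10.1.2.0/24     scram-sha-256
host    sameuser  all   192.168.0.0/16  md5
local   all       all                   peer
"""

def parse_hba(text):
    """Return (line_number, fields) for each non-comment line, in file order."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            rules.append((lineno, fields))
    return rules

def _in_list(spec, name, keywords=()):
    """Match one comma-separated database or user field."""
    items = spec.split(",")
    return "all" in items or name in items or any(k in items for k in keywords)

def first_match(text, database, user, client_ip=None):
    """Return (line_number, method) of the first matching rule, else None.

    client_ip=None models a Unix-socket ("local") connection.
    """
    addr = ipaddress.ip_address(client_ip) if client_ip else None
    for lineno, f in parse_hba(text):
        if f[0] == "local" and addr is None and len(f) >= 4:
            method = f[3]
        elif f[0] == "host" and addr is not None and len(f) >= 5:
            if addr not in ipaddress.ip_network(f[3], strict=False):
                continue
            method = f[4]
        else:
            continue  # other record types are outside this sketch
        same = ("sameuser",) if database == user else ()
        if _in_list(f[1], database, same) and _in_list(f[2], user):
            return lineno, method  # first match wins; later lines are never consulted
    return None

if __name__ == "__main__":
    print(first_match(SAMPLE_HBA, "appdb", "app", "10.1.2.15"))
```

With the sample file, the `app` user connecting from 10.1.2.15 is rejected by line 2 and never reaches the more specific rule on line 3, which is the ordering trap raised at the top of the thread.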